Configure Response Headers

This section contains options for enabling and disabling advanced security headers. The Content Security Policy (CSP) is a computer security standard used to prevent cross-site scripting (XSS), clickjacking, and other code injection attacks resulting from the execution of malicious content in a trusted web page context.

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page as a frame, iframe, or object. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded in other sites.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.